The rise of the Internet and networking technologies has resulted in the widespread transfer of code, data and files between computers. This material is not always what it seems to be. For example, code that is accessed on a remote machine and downloaded to a computer system can contain hostile algorithms that can potentially destroy code, crash the system, corrupt code or worse. Some of these hostile algorithms are viruses, worms, and Trojan horses.
Hostile, malicious and/or proscribed code, data and files (“code” as used hereinafter generally includes “data” and “files” but does not include text, such as textual email, instant messaging and the like) can infect a single computer system or entire network and so posit a security risk to the computer system or network. (As is industry standard parlance, “code” also includes copies. For example, UNIX systems routinely makes copies of the code in the course of processing the code.)
The user and/or administrator (generally referred to hereinafter as “user”) may wish to intercept, examine and/or control such code.
The user might also wish to intercept, examine and/or control other code as well, for example, code which may be hostile. This latter type of code is known hereinafter as “predetermined code.”
Antivirus or other similar packages attempt to protect the system or network from hostile, malicious, predetermined and/or proscribed code (generally referred to hereinafter as “proscribed code.”) VFIND®, from CyberSoft, Inc., is one such product that may protect systems and networks from proscribed code. If the virus programs are not run frequently—an all too common occurrence—they will not protect the system. Therefore, the benefits and protections offered by antivirus programs are often lost.
Moreover, antivirus and similar programs often require frequent updating as they rely on a database of proscribed code. As new proscribed code is identified, the database must be updated. However, database updates may be delayed or simply not done and so the effectiveness of the program may wane with time.
Moreover, code is constantly mutating. That is, a hostile individual may release modified code, or a regular basis, in order to avoid detection by an antivirus or similar program.
Accordingly, it would be beneficial to have apparatus, methods and articles of manufacture to simply and effectively intercept, control, and/or examine incoming and outgoing code in an efficient and effective manner transparently or almost transparently to the end-user, with little or no operational effort required by the user.
It would also be beneficial to have methods of code analysis that attempt to intercept, control, and/or examine incoming and outgoing code.